
I am setting up an SSLVPN profile on a SonicWALL and have NAT working seemingly well. However, I am running into an issue with DNS on the vpn clients. The clients are configured to have the NAT'd address of the remote DNS server but the queries are returning the un-NAT'd addresses.

My question is what are the best practices for handling DNS servers that are accessed through NAT? I imagine I may be able to solve it with a second NAT policy which then translates the remote subnet to the NAT subnet but that would defeat the point of using NAT in the first place. The reason for using NAT is that we have several remote branches which sometimes have overlapping subnets.

In summary:

VPN Subnet: 10.10.0.0/16

Remote Subnet: 192.168.1.0/24

NAT Subnet: 10.10.1.0/24

Remote DNS Server @ 10.10.1.6 returns 192.168.1.0 addresses to clients.

  • The server is going to return whatever is in the DNS zone. If the 192.168.1.0 addresses are what exist in the DNS zone then that's what the server is going to return. Can you clarify what DNS records are in the zone? – joeqwerty Jan 14 '21 at 00:31
  • I have customers with subnets that overlap with each other and with our office network. My goal is to remap those remote subnets using NAT on our vpn routers. Each location has a single forest/domain with their own DNS which I hoped I could access independently using NAT. – Taylor Artunian Jan 14 '21 at 01:02
  • What I'm saying is that while you may be able to query those DNS servers via NAT, they're going to return whatever DNS records are in the DNS zones they host. If the DNS zones don't have a record for the NAT address then the DNS server is not going to return the NAT address to a DNS query. This isn't about NAT, it's about what records exist in the DNS zones. – joeqwerty Jan 14 '21 at 01:31
  • I see what you are saying. Now I am looking into split DNS and the like. Thanks. – Taylor Artunian Jan 14 '21 at 03:45
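The thread describes two things: the branch DNS server answering with its own 192.168.1.x records, and the idea of translating those answers into the 10.10.1.x NAT range the VPN clients can actually reach. The following Python is an added example, not from the question, the comments or any SonicWALL feature; it shows concretely what such a translation of DNS answers amounts to (the behaviour some firewalls call a DNS application-layer gateway or "DNS doctoring"), using the subnets given in the question. The hostname, the response builder and the non-branch address 203.0.113.10 are constructed for the demonstration.

```python
"""Rewrite DNS A-record answers from a NAT'd remote subnet into the NAT subnet.

Added example for this thread: the subnets are the ones in the question,
the hostname and the packet builder are constructed test data.
"""
import ipaddress
import struct

REMOTE_NET = ipaddress.ip_network("192.168.1.0/24")  # real branch subnet
NAT_NET = ipaddress.ip_network("10.10.1.0/24")       # what VPN clients see


def translate_address(addr, remote_net=REMOTE_NET, nat_net=NAT_NET):
    """Map a host in remote_net to the same host offset in nat_net (1:1 NAT).

    Addresses outside remote_net are returned unchanged.
    """
    ip = ipaddress.ip_address(addr)
    if ip not in remote_net:
        return str(ip)
    offset = int(ip) - int(remote_net.network_address)
    return str(nat_net.network_address + offset)


def _encode_name(name):
    """Encode a dotted hostname as DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode()
    return out + b"\x00"


def build_response(qname, answers, txid=0x1234):
    """Construct a minimal DNS response: one A question, one A answer per address.

    Stands in for the reply the branch DNS server at 10.10.1.6 would send.
    """
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, len(answers), 0, 0)
    question = _encode_name(qname) + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    body = b""
    for addr in answers:
        # Answer name is a compression pointer to offset 12 (the question name).
        body += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4)
        body += ipaddress.ip_address(addr).packed
    return header + question + body


def _skip_name(msg, pos):
    """Return the offset just past a (possibly compressed) name starting at pos."""
    while True:
        length = msg[pos]
        if length == 0:
            return pos + 1
        if length & 0xC0 == 0xC0:  # compression pointer: two bytes, ends the name
            return pos + 2
        pos += 1 + length


def a_record_offsets(msg):
    """Return (rdata_offset, address) for each A record in the answer section."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    pos = 12
    for _ in range(qdcount):
        pos = _skip_name(msg, pos) + 4  # skip QTYPE and QCLASS
    found = []
    for _ in range(ancount):
        pos = _skip_name(msg, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, pos)
        pos += 10
        if rtype == 1 and rdlen == 4:
            found.append((pos, str(ipaddress.ip_address(bytes(msg[pos:pos + 4])))))
        pos += rdlen
    return found


def answer_addresses(msg):
    """List the A-record addresses a client would see in this response."""
    return [addr for _, addr in a_record_offsets(msg)]


def rewrite_response(msg, remote_net=REMOTE_NET, nat_net=NAT_NET):
    """Return a copy of msg with A answers in remote_net translated into nat_net.

    Other record types and the rest of the message are left byte-for-byte intact,
    so the rewritten response is the same length as the original.
    """
    buf = bytearray(msg)
    for off, addr in a_record_offsets(msg):
        new = ipaddress.ip_address(translate_address(addr, remote_net, nat_net))
        buf[off:off + 4] = new.packed
    return bytes(buf)


if __name__ == "__main__":
    reply = build_response("dc1.branch.example", ["192.168.1.6", "203.0.113.10"])
    print("server answered:", answer_addresses(reply))
    print("client sees:    ", answer_addresses(rewrite_response(reply)))
```

The rewrite only touches A records whose address falls inside the configured remote subnet, so public addresses and other record types pass through untouched. The thread does not say whether the SonicWALL in question offers this kind of translation; the alternative the asker moves towards is split DNS, where a zone served to VPN clients simply carries the 10.10.1.x addresses, and no rewriting is needed.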
